Here we go again. Almost a year ago, big-box retailers got a huge wake-up call when hackers broke into Target's computer systems and stole 40 million customer credit and debit card numbers. Now, Home Depot has lost up to 60 million card numbers to cyberthieves.

Not only is the number bigger this time, the Home Depot attack went on for five months before it was discovered; the Target attack was discovered after about three weeks. Things are getting worse, not better, and news of the Home Depot debacle came just as several celebrities' nude photos were hacked from their iCloud accounts and posted on the Web.

The companies are making the usual excuses about how hard it is to secure data from determined attackers, and that's valid to a point. Running a secure system, while keeping it open to customers and vendors, is difficult.

Even so, consumers deserve better than excuses, particularly when companies are saving huge amounts in postage and printing by urging everyone to "go paperless."

A Bloomberg/BusinessWeek analysis revealed that Target had installed a sophisticated anti-theft system but inexplicably ignored alarms after the system detected malware.

And according to the security blog Krebs on Security, which revealed the Home Depot attack, the cyberthieves who hit the company used a variant of the same malware.

The problem is enormous. Larry Ponemon, chairman of the cybersecurity think tank Ponemon Institute, says his firm estimates 47 percent of adult Americans have been exposed to one or more security breaches. True, customers are protected against fraudulent charges on their credit cards. But, to cover fraud, they pay a bit more for everything.

Customers have to get replacement cards and reset auto-pay accounts. Debit cards still lack the full legal protection that comes with credit cards, so bank accounts can take a hit. And research shows that consumers whose credit cards are stolen are at higher risk for identity theft.

What to do? Anti-fraud credit cards with embedded chips might be coming next year — 20 years after they went into widespread use in Europe.

Consumers could help by shunning chains with poor cybersecurity, but how can you tell which retailer is a patsy until it gets attacked?

The government might help by applying the "stress test" concept it uses to probe banks for weakness. Or perhaps the industry could adopt the sort of self-policing the nuclear power industry uses to detect and shame utilities with lax operations. Whatever the responses, customers who entrust companies with their sensitive financial data (or even their selfies) deserve a lot better than the sort of "security" they've been getting lately from big retailers.